Click here to read about a flaw in Mozilla and Opera (to name a few) browsers cause them to be prime target for phishing attacks. Amazingly, IE users are not affected... (http://chrisnowak.org/comments.php?id=24_0_1_0_C)

Maybe IE will become "secure" to use again.. since everyone is switching over, the scripters and stuff will now target the other browsers.. makes you think.

Ahh, i did that, i hope it's not a scam ;) But that was weird how on earth could they get paypal.com to show up saying meow? lol

Yea really, i'm not sure wether to believe this or not. No matter to me I don't use Paypal, even if I did I would only use IE for Paypal. FF and even Opera are better than IE. :)

mck, I think the point is that this could be used for numerous different websites. Something like Hotmail, Yahoo, your banking account, probably even HostMatrix itself is a potential target. PayPal is just the used example.

Ha! It's a good thing then that I was taught early on (for other reasons) to type the web address for the most important links, not click on them, because clicking them can be unsecure for any number of reasons. For something as important as paypal or other banking transactions it's just best to be extra careful. I do belive paypal has a note on their website that you are to TYPE their URL for extra safety, not click on it through a link necessarily, though I could be wrong. Fine print is always the most important thing to read.

btw.. off topic side note... I've been away too long, and everything changed on me *wanders off lost*

Originally posted by mck9235@Feb 7 2005, 04:08 PM
No matter to me I don't use Paypal, even if I did I would only use IE for Paypal. FF and even Opera are better than IE. :)
26195


That's probably the most contradictory thing I've ever read in my entire life. FF and Opera are better than IE, but you would still use IE over those two. FF blows, always has an always will. For nice, fast, secure browser, visit Maxthon.com (http://www.maxthon.com/)

It's done with entities. If you look at the source, there's a а, which is another way of saying a cyrillic а character. Now, copy the below character:
а
Now go into your address bar, and type http://www.p then paste the character above, then type ypal.com/
Press enter, and you get the meow site. Now, it looks like paypal, because the cyrillic а looks no different than the western a, and so, you are fooled. The person setting up the scam simply registers the domain with a cyrillic a, and it is easy to fool you.

Scary, isn't it?

I kind of get it, but the normal "a" and the cryllic "a" should be different characters... but when i type "http://www.p" then copy in the character, it still prompts for "http://www.paypal.com"... are they the same?

That's because the cyrillic letter in is the second 'a' of paypal, as in payp[a]l

Thanks for that Tim :)

Wow, thats actually scary yet cool. :P

Geek, I prefer firefox, if it blows to you, well thats your personal opinion, and I have my own.

So if I registered something like Yahoo in crylic letters it would work the same as this scam?

the source of the link is "http://www.pаypal.com"

therefore it is the first "a"



---
Mod note: Zack, please use the edit button next time, thanks. :)

Originally posted by Tim@Feb 7 2005, 08:42 PM
It's done with entities. If you look at the source, there's a а, which is another way of saying a cyrillic а character. Now, copy the below character:
а
Now go into your address bar, and type http://www.p then paste the character above, then type ypal.com/
Press enter, and you get the meow site. Now, it looks like paypal, because the cyrillic а looks no different than the western a, and so, you are fooled. The person setting up the scam simply registers the domain with a cyrillic a, and it is easy to fool you.

Scary, isn't it?
26212


Whoa dude, that's like super tricky... lol, how would u register a domain with a cyrillic a? Would you actually type in, (when registering) paypаl.com? lol

you have to buy the domain with the cryllic 'a' don't you?
Anyways.
That's weird.
I just dissabled it.
in my FF.
And whoever said FF stinks. I think you're wrong

http://www.betanews.com/article/Spoofing_F...sers/1107797563 (http://www.betanews.com/article/Spoofing_Flaw_Found_in_Non_IE_Browsers/1107797563)

another site that says the same thing, for anyone doubting the first site, although all you had to do is click the link to see that its not a lie.

You can't just disable it. about:config and turning off IDN doesn't work, unless you plan on doing that everytime you load firefox.

Get ready to run to a new browser, according to this article HERE (http://internet.newsforge.com/article.pl?sid=05/01/31/2121249&from=rss)

Ironic.

Microsoft doesn't do any serious feature upgrades to IE for years, and is thus immune to an attack vector against a feature that they haven't built in support for, and, wait for it here's the funny part, anyone actually seriously suggests that this makes IE better than the competition.

Ha, whatever.

Anyone who falls for this deserves what they get. If you seriously believe that the internet is a safe, friendly place really shouldn't be on it, as they will get taken advantage of sooner or later. The internet is more like that bad neighborhood you don't dare go through at night, sad to say.

I can't seem to see the line IDN. Anyone know what line number it is on? Thanks.

Wow, yet another loose end paypal should tie up. Time to buy another instance of the paypal name. If they have to buy it from the guy who owns it, I wonder how much they would pay him for it... or yet another question, how much would he MAKE them pay for it.

I hope Firefox and the other browsers don't die down. I'm not so much impressed with the technical specifications, but more with the way in which so many people have crusaded against IE for nothing in return.

the thing is that this supposed "hole" is not as much of a problem as all the ones that IE has, and so IE people cant seriously use this as an excuse to use IE instead of other browsers

It seems have the makers of Fire Fox came up with a quick temporary fix for this problem, you can read about it here: http://www.cnn.com/2005/TECH/03/03/mozilla.security.ap/index.html